Hello, how are you? As always, thanks for the support.
A client wants to remove their TippingPoint IPS and place their PA-1410 there, which only uses 3 L3 interfaces, due to load issues, performance everything is fine, it uses hopefully 1 to 6% of the load.
Currently their PA-1410s are in HA active/passive. They told me that their IPS are also active/passive, but now that I have reviewed and validated them, they are not active/passive but active/active, because traffic passes in real time through each of them; so they are active/active, because functional and operational traffic passes through both devices.
The IPS are in the middle of their core switches, and both connections are generating traffic.
Now, seeing this, a Palo Alto active/passive model is not useful for me to put in as a vwire-type IPS, since I would have to:
In one PA, for example, put 2 interfaces and a vwire, and in the other PA put 2 vwire interfaces, to interconnect each one with each core switch, since both are forwarding traffic. But in the event of a failure on the IPS part, the active/active of the L3 interfaces will work, because those interfaces are mirrored, but for those of the vwire there will be a block in one PA and the other vwire block in the other PA.
The thing is that, from what I see, I must first change the PAs from active/passive to active/active.
Then I have a doubt on another point: the trunk that passes through there carries VLANs 100, 200, 300, 350 and VLAN "1" untagged. Is it possible to create a vwire with subinterfaces and leave VLAN 1 untagged?
As always, thank you for your time, comments, tips and collaboration.